### Impact

Anyone using untrusted message components may be affected. On versions >=6.0.0,<6.1.3 of JDA, the requester will attempt to download external media URLs from components if they are used in an update or send request.

If you use `Message#getComponents` or similar to get a list of components and then send those components with `sendMessageComponents` or other methods, you might unintentionally download media from an external URL in the resolved media of a `Thumbnail`, `FileDisplay`, or `MediaGallery`.

### Patches

This bug has been fixed in 6.1.3, and we recommend updating.

### Wo…
GHSA-93fv-4pm9-xp28: JDA (Java Discord API) downloads external URLs when updating message components
JDA (Java Discord API) versions 6.0.0 up to, but not including, 6.1.3 unintentionally download external media URLs when sending or updating message components, affecting anyone who handles untrusted message components.
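
To check whether a project declares a JDA version inside the affected range (>=6.0.0,<6.1.3), the following added example (not part of the advisory or of JDA) scans Gradle and Maven build file text for the `net.dv8tion:JDA` coordinate. The sample build files are constructed, and treating pre-release suffixes as their base version is an assumption made here to stay conservative.

```python
import re

AFFECTED_MIN = (6, 0, 0)  # inclusive lower bound, from the advisory
FIXED_IN = (6, 1, 3)      # first fixed release, from the advisory

# Gradle short notation, Groovy or Kotlin DSL: "net.dv8tion:JDA:<version>"
GRADLE_RE = re.compile(r"""["']net\.dv8tion:JDA:([^"'@\s]+)["']""")

def parse_version(text):
    """Leading numeric (major, minor, patch) triple, or None if there is none."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(p) for p in m.groups()) if m else None

def is_affected(version):
    """True/False for a concrete version; None when it needs manual review."""
    v = parse_version(version)
    if v is None:
        return None  # e.g. a ${property} reference or a dynamic version
    # Assumption: suffixes such as "-rc.1" are ignored, so 6.0.0 pre-releases are flagged.
    return AFFECTED_MIN <= v < FIXED_IN

def find_jda_versions(build_text):
    """Collect declared JDA versions from Gradle or Maven build file text."""
    versions = GRADLE_RE.findall(build_text)
    for dep in re.findall(r"<dependency>(.*?)</dependency>", build_text, re.DOTALL):
        if (re.search(r"<groupId>\s*net\.dv8tion\s*</groupId>", dep)
                and re.search(r"<artifactId>\s*JDA\s*</artifactId>", dep)):
            m = re.search(r"<version>\s*([^<\s]+)\s*</version>", dep)
            if m:
                versions.append(m.group(1))
    return versions

def audit(build_text):
    """Map each declared JDA version to its is_affected() result."""
    return {v: is_affected(v) for v in find_jda_versions(build_text)}

# Constructed sample build files (not taken from any real project).
SAMPLE_GRADLE = 'dependencies {\n    implementation("net.dv8tion:JDA:6.1.2")\n}\n'
SAMPLE_POM = """<dependencies>
  <dependency>
    <groupId>net.dv8tion</groupId>
    <artifactId>JDA</artifactId>
    <version>${jda.version}</version>
  </dependency>
</dependencies>"""

if __name__ == "__main__":
    for name, text in (("build.gradle.kts", SAMPLE_GRADLE), ("pom.xml", SAMPLE_POM)):
        for version, hit in audit(text).items():
            status = {True: "AFFECTED", False: "ok", None: "REVIEW"}[hit]
            print(f"{name}: JDA {version} -> {status}")
```

This only inspects versions declared directly in the build file; a JDA version pulled in transitively or set through a property or version catalog still needs to be resolved with the build tool's own dependency report.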